*
* @param type DRBG type to use
* @param strength security strength in bits
- * @param entropy entropy source to be used
+ * @param entropy entropy source to be used (adopted)
* @param personalization_str optional personalization string
* @return drbg_t instance, NULL if not supported
*/
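Review bot: `(adopted)` states only half of the ownership contract, because both constructors changed in this commit set `this->entropy` only after seeding has succeeded, so a NULL return leaves the rng with the caller. The line should say so, e.g. `* @param entropy entropy source to be used (adopted on success, still owned by the caller if NULL is returned)`. Without that, a caller can either leak the rng on the failure path or free it a second time after a successful call. The callers that obtain the rng via `create_rng(lib->crypto, RNG_TRUE)` do not show their create_drbg() failure branch in this diff, so it is worth confirming that each of them still destroys the rng there.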
failure:
drbg->destroy(drbg);
- entropy->destroy(entropy);
chunk_free(&out);
if (failed)
{
{
if (ref_put(&this->ref))
{
+ DESTROY_IF(this->entropy);
this->crypter->destroy(this->crypter);
chunk_clear(&this->key);
chunk_clear(&this->value);
},
.type = type,
.strength = strength,
- .entropy = entropy,
.crypter = crypter,
.key = chunk_alloc(key_len),
.value = chunk_alloc(out_len),
seed = chunk_alloc(seed_len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
- if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+ if (!entropy->get_bytes(entropy, seed.len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
return NULL;
}
+ /* ownership of entropy source is transferred to DRBG */
+ this->entropy = entropy;
+
return &this->public;
}
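Review bot: The comment on the added assignment does not say why adoption is deferred to the end of the constructor, and that ordering is what keeps the failure paths safe: the `destroy(this)` calls above run `DESTROY_IF(this->entropy)` while the field is still unset, so the caller's rng survives a NULL return. I would word it as `/* adopt entropy only after successful seeding, destroy(this) above must not free the caller's rng */`. This assumes the initializer leaves `entropy` zeroed now that `.entropy = entropy` is removed, which the visible lines suggest but do not show. The same comment applies to the second constructor, where the identical assignment is added after the `get_bytes()` check. The constructor body starts outside the hunk.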
{
if (ref_put(&this->ref))
{
+ DESTROY_IF(this->entropy);
this->prf->destroy(this->prf);
chunk_clear(&this->key);
chunk_clear(&this->value);
},
.type = type,
.strength = strength,
- .entropy = entropy,
.prf = prf,
.key = chunk_alloc(out_len),
.value = chunk_alloc(out_len),
seed = chunk_alloc(entropy_len + personalization_str.len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
- if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+ if (!entropy->get_bytes(entropy, entropy_len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
return NULL;
}
+ /* ownership of entropy source is transferred to DRBG */
+ this->entropy = entropy;
+
return &this->public;
}
}
key_size = key_size / BITS_PER_BYTE;
- /* Initiate a NIST SP 800-90A DRBG fed by a true random generator */
+ /* Initiate a NIST SP 800-90A DRBG fed by a true rng owned by the drbg */
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng)
{
if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS)
{
drbg->destroy(drbg);
- rng->destroy(rng);
return NULL;
}
if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS)
mpz_clear(p);
mpz_clear(p1);
drbg->destroy(drbg);
- rng->destroy(rng);
return NULL;
}
mpz_clear_sensitive(p1);
mpz_clear_sensitive(q1);
drbg->destroy(drbg);
- rng->destroy(rng);
if (drbg_failed || invert_failed)
{
DESTROY_IF(this->privkey);
DESTROY_IF(this->pubkey);
this->drbg->destroy(this->drbg);
- this->entropy->destroy(this->entropy);
chunk_free(&this->ciphertext);
chunk_clear(&this->shared_secret);
free(this);
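Review bot: With `this->entropy->destroy(this->entropy)` removed, any `entropy` member left in this object is a non-owning alias of an rng that `this->drbg->destroy(this->drbg)` now frees once the last reference is dropped. The struct definition is outside the hunk, so this is inferred: if the member is still there and nothing else reads it, dropping it would rule out a later use of a dangling pointer; otherwise a field comment such as `/* borrowed, owned by drbg */` would do. The function starts outside the hunk.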
DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
parameter_set, ntru_param_set_id_names, param_set_id);
+ /* entropy will be owned by drbg */
entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!entropy)
{
params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
privkey_tests[_i].id);
strength = params->sec_strength_len * BITS_PER_BYTE;
+
+ /* entropy rng will be owned by drbg */
entropy = rng_tester_create(privkey_tests[_i].entropy);
drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
entropy, chunk_from_str("IKE NTRU-KE"));
privkey->destroy(privkey);
pubkey->destroy(pubkey);
drbg->destroy(drbg);
- entropy->destroy(entropy);
}
END_TEST